Service-based defense policy
Bongor anti-DDoS solution supports continuously periodic learning and analysis on the service traffic of the Zone, draws the outline of normal service traffic, and enables differentiated defense types and policies for various services or one service in different time ranges, therefore implementing refined defense.
Accurate abnormal traffic cleaning
Bongor anti-DDoS solution uses the per-packet detect technology. Defense is triggered immediately by an attack. This solution applies multiple technologies, including seven-layer filtering, behavior analysis, and session monitoring, to accurately defend against various flood attacks, Web application attacks, DNS attacks, SSL DoS/DDoS attacks, and protocol stack vulnerability attacks. In this way, application servers are protected.
Intelligently caching DNS traffic
Besides accurately defending against various attacks on the DNS server, Bongor anti-DDoS solution supports DNS cache for improved performance under heavy DNS server traffic.
Defense against prevailing zombies/Trojan horses/worms
By spreading Trojan horses and worms to large numbers of hosts, hackers control the hosts hierarchically and form the botnet to launch attacks. Therefore, botnets breed DDoS attacks. Bongor anti-DDoS solution identifies and blocks over 200 common zombies/Trojan horses/worms worldwide, therefore smashing botnets.
Perfect IPv4-IPv6 defense
In February 2011, IANA declared that IPv4 addresses were exhausted. Enterprises have no new IPv4 addresses and begin to put IPv6 network construction into agenda. The particular IPv4-IPv6 technology of Bongor anti-DDoS solution supports concurrent defense against DDoS attacks on both IPv4 and IPv6 networks. The solution addresses the DDoS attack defense requirements in dual stack and helps users transit to the next generation network.
The anti-DDoS solution must be adaptive to various network environments and address different grades of service requirements. On this basis, Bongor anti-DDoS solution provides multiple in-line and off-line deployments, which enable customers to select flexibly by their services and networks.
In-line deployment: serially connects the detecting and cleaning modules to the network to be protected for direct traffic
detecting and cleaning. The high-performance and multi-core hardware platform in use not only ensures the detecting and
cleaning accuracy, but also minimizes the processing delay. Moreover, Bongor anti-DDoS solution provides the bypass module. When an anomaly occurs, traffic is sent to the cleaning module, which avoids introducing new failures.
Off-line traffic-diversion deployment: deploys the cleaning module on the network in off-line mode. Once detecting DDoS
attack traffic, the detecting and cleaning centers perform actions based on the policies configured in the management center.